package com.rf.richfitwheel.admin.conf;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// CSRF默认支持的方法： GET|HEAD|TRACE|OPTIONS，不支持POST ，不是我们想要的，故取消CSRF防御
		http.csrf().disable();
		//拦截监控的url由Security认证，其他url放行交由shiro去搞
		http.formLogin().and().authorizeRequests().antMatchers("/actuator/*").authenticated()
				.anyRequest().permitAll()
				// 一定要执行下面这一句，否则prometheus无法自动登录会提示："INVALID" is not a valid start token
				.and().httpBasic();

	}
}

